Fwd: [squid-users] External ACLs strange behavior

From: Cassiano Martin <cassiano_at_polaco.pro.br>
Date: Thu, 22 May 2014 15:23:06 -0300

Amos,

The issue seems to be resolved, but sake of curiosity, I had some tweaks on

net.netfilter.nf_conntrack_tcp_timeout_established -> set to 3600
net.netfilter.nf_conntrack_tcp_loose -> set to 0

Does it interfere with the helpers? i'm not sure about it, but why for
each helper, a socket is open on loopback?

After I changed these values to:

net.netfilter.nf_conntrack_tcp_timeout_established -> set to 7440
net.netfilter.nf_conntrack_tcp_loose -> set to 1

Completely stopped from squid reloading the helpers every hour.

I'm not sure if I'm right, may be I'm just saying BS. :-)

Thanks

---------- Forwarded message ----------
From: Cassiano Martin <cassiano_at_polaco.pro.br>
Date: 2014-05-19 13:40 GMT-03:00
Subject: Fwd: [squid-users] External ACLs strange behavior
To: squid-users_at_squid-cache.org

I'll test it again without this test. lets see if it will work
normally then.

Thanks!

---------- Forwarded message ----------
From: Cassiano Martin <cassiano_at_polaco.pro.br>
Date: 2014-05-19 13:39 GMT-03:00
Subject: Fwd: [squid-users] External ACLs strange behavior
To: squid-users_at_squid-cache.org

Hmm, I didnt known about that.

---------- Forwarded message ----------
From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: 2014-05-19 11:49 GMT-03:00
Subject: Re: [squid-users] External ACLs strange behavior
To: squid-users_at_squid-cache.org

On 20/05/2014 12:46 a.m., Cassiano Martin wrote:
> I'm still having a strange issue with external ACLs. Sometimes I get
> this in my squid logs:
>
> ERR message=
> 2014/05/19 08:33:23 kid1| WARNING: securegateway_cfs #Hlpr0 exited
> 2014/05/19 08:33:23 kid1| Too few securegateway_cfs processes are
> running (need 1/5)
> 2014/05/19 08:33:23 kid1| Starting new helpers
> 2014/05/19 08:33:23 kid1| helperOpenServers: Starting 1/5
> 'squid_filter' processes
> 2014/05/19 08:33:26 kid1| WARNING: securegateway_cfs #Hlpr0 exited
> 2014/05/19 08:33:26 kid1| Too few securegateway_cfs processes are
> running (need 1/5)
> 2014/05/19 08:33:26 kid1| Closing HTTP port [::]:3128
> 2014/05/19 08:33:26 kid1| Closing HTTP port [::]:3129
> 2014/05/19 08:33:26 kid1| storeDirWriteCleanLogs: Starting...
> 2014/05/19 08:33:26 kid1| Finished. Wrote 0 entries.
> 2014/05/19 08:33:26 kid1| Took 0.00 seconds ( 0.00 entries/sec).
> FATAL: The securegateway_cfs helpers are crashing too rapidly, need help!
>
> And this is my "fake" external ACL for testing purposes:
>
>
> int main(int argc, char** argv)
> {
> string line;
> while(getline(cin, line))
> {
> if(line.length()>1)
> {
> CFS::print_response_err("");
> }
> else
> exit(0);
> }
> }
>
> Why squid says redirector exited, and catches a FATAL? This code does
> not exits until squid closes stdin.

No this code closes also when Squid only delivers 1 byte of input.
For example when you pass it a single format code which has no data
available. Squid will send the line "-" which is 1 character long.

Amos
Received on Thu May 22 2014 - 18:23:14 MDT

This archive was generated by hypermail 2.2.0 : Fri May 23 2014 - 12:00:06 MDT